The Microsoft OneDrive connector for Gemini Enterprise lets you access your Microsoft OneDrive and interact with your files and folders.
Supported Microsoft OneDrive versions
The Microsoft OneDrive connector supports all hosted versions of Microsoft OneDrive through the Microsoft Graph API v1.0.
Supported actions
When the Microsoft OneDrive connector is enabled, end users can use natural language commands in Gemini Enterprise to perform the following actions.
| Action | Description |
|---|---|
| Create folder | Creates a new folder at a specified path in Microsoft OneDrive. |
| Copy file | Copies a file from a source to a destination in Microsoft OneDrive. |
In addition to these actions, read-only actions are also available.
Required permissions
To enable Gemini Enterprise to perform search and data ingestion using the Microsoft OneDrive data store, you need the following permissions:
Microsoft Graph API permissions
Note: The following table outlines the permissions required for each connection mode. If you enable Actions for either the Federated search or Data ingestion connection mode, also select the permissions listed in the Actions row.
| Connection mode | Scope | Purpose |
|---|---|---|
| Federated search | Files.Read.All | (Delegated) Allows the connector to read all files that the user can access. |
| Federated search | Sites.Read.All | (Delegated) Allows the connector to read documents and list items in all site collections that the user can access. |
| Data ingestion | GroupMember.Read.All | (Federated credentials & OAuth 2.0 refresh token) Allows the connector to read memberships and basic group properties for all groups without a signed-in user. |
| Data ingestion | User.Read | (Federated credentials & OAuth 2.0 refresh token) Allows the connector to read the profile of signed-in users. It also allows the connector to read basic company information of signed-in users. |
| Data ingestion | User.Read.All | (OAuth 2.0 refresh token only) Allows the connector to read user profiles. |
| Data ingestion | Sites.FullControl.All (Option 1), Sites.Selected (Option 2) | (Federated credentials & OAuth 2.0 refresh token) Option 1 allows the connector to have full control of all site collections. Option 2 allows the connector to access a subset of site collections. The specific site collections and the permissions granted can be configured in Microsoft OneDrive. |
| Data ingestion | User.Read.All (Option 1), User.ReadBasic.All (Option 2) | (Federated credentials only) Option 1 allows the connector to read user profiles. Option 2 allows the connector to read a basic set of profile properties of other users in the organization. |
| Actions | Files.ReadWrite.AppFolder | (Delegated) Allows the connector to read, create, update and delete files in the Microsoft OneDrive folder. |
| Actions | Files.ReadWrite | (Delegated) Allows the connector to read, create, update and delete the files that the user can access. |
For information on how to add the permissions for Microsoft OneDrive, see Configure Microsoft OneDrive and set the necessary permissions.
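The permissions table can also be used as a least-privilege baseline when reviewing an app registration. The following Python sketch is an added example, not part of the connector or its documentation: it compares a list of granted scopes with the scopes the table requires for a connection mode and reports what is missing, what is not in the table at all, and where the broader Option 1 scope was chosen. The mode and authentication keys, the `audit` function name, and the sample scope list are assumptions made for this illustration.

```python
# Added example: least-privilege audit of Microsoft Graph scopes against the
# table above. Mode/auth keys and audit() are names assumed for illustration.

# Each requirement is a tuple of alternatives. Where the table offers two
# options, the broader one (Option 1) is listed first.
REQUIRED = {
    ("federated_search", "delegated"): [("Files.Read.All",), ("Sites.Read.All",)],
    ("data_ingestion", "federated_credentials"): [
        ("GroupMember.Read.All",), ("User.Read",),
        ("Sites.FullControl.All", "Sites.Selected"),
        ("User.Read.All", "User.ReadBasic.All"),
    ],
    ("data_ingestion", "oauth_refresh_token"): [
        ("GroupMember.Read.All",), ("User.Read",), ("User.Read.All",),
        ("Sites.FullControl.All", "Sites.Selected"),
    ],
}
# Added on top of either mode when Actions are enabled.
ACTIONS = [("Files.ReadWrite.AppFolder",), ("Files.ReadWrite",)]


def audit(mode, auth, granted, actions=False):
    """Compare granted scopes with what the chosen mode needs."""
    reqs = REQUIRED[(mode, auth)] + (ACTIONS if actions else [])
    granted = set(granted)
    missing, broad, allowed = [], [], set()
    for alts in reqs:
        allowed.update(alts)
        held = [s for s in alts if s in granted]
        if not held:
            missing.append(" or ".join(alts))
        elif len(alts) > 1 and alts[0] in held:
            # Option 1 is granted; the table lists a narrower Option 2.
            broad.append((alts[0], alts[1]))
    return {"missing": missing,
            "unexpected": sorted(granted - allowed),
            "broad": broad}


# Constructed sample: scopes granted to a data-ingestion app registration.
SAMPLE = ["GroupMember.Read.All", "User.Read", "Sites.FullControl.All",
          "User.ReadBasic.All", "Mail.Read"]

if __name__ == "__main__":
    print(audit("data_ingestion", "federated_credentials", SAMPLE))
```

An entry under `broad` is a prompt to check whether Sites.Selected or User.ReadBasic.All would cover the deployment, and an entry under `unexpected` is a scope the connector does not need according to the table.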
Limitations
This section outlines known issues and limitations that may affect your use of the Microsoft OneDrive connector.
Enforcing a VPC Service Controls perimeter on existing Microsoft OneDrive data stores is not supported. To enforce VPC Service Controls, you must delete and recreate the data stores. For more information on VPC Service Controls and how to use actions after enabling VPC Service Controls, see Secure your app with VPC Service Controls.
The Microsoft OneDrive data store is supported only in Global, US, and EU locations.
When creating a new application or adding a data store to an existing application, we recommend that you add a data store with actions belonging to a single connector type. For example, don't associate two Microsoft OneDrive data stores with actions enabled to the same application.
The following are the limitations for the Microsoft OneDrive federated connector:
- Search limitations: Search results may vary and are not always comprehensive for all file types. Content in archived or encrypted folders may not be accessible for search. Federated search does not support searching within attachments.
- Delegated access: Access to shared Microsoft OneDrive files or folders may require specific permissions not covered by standard user authorization.
The following are the limitations for the Microsoft OneDrive ingestion connector:
- Incremental sync does not detect folder-level actions like Copy, Move, or Rename.
What's next
- To create and configure a connector with Microsoft OneDrive, see Set up a Microsoft OneDrive data store.